NAT of WAN IP (PIX FIREWALL) to ISA 2006 (IN DMZ) to set up EXCHANGE 2007 CAS (INTERNAL LAN)

Hi, SETTING UP EXCHANGE CAS (EXCH SERVER IN THE INTERNAL LAN)
I realised I need to do a NAT of the WAN IP on my PIX to the public IP DMZ interface of the ISA 2006 server. Also a DNS entry for webmail.organization.com to point to the WAN IP. I would like to clarify the following:

Once I have done the NAT on the PIX, that would mean that all traffic entering our network that wanted to get to any of the 12 servers in the DMZ would be passing through the ISA 2006 server first? Is that correct? And therefore I would need to have all the ISA 2006 rules set up to allow appropriate traffic (basically the same rule set on ISA, allowing from outside -> to the DMZ, as I have set up on my PIX). Would that be a correct assumption? Thanks.
philb19 Asked:

dfxdeimos Commented:
Yes.

You will start off with default rules like:

From in to out any any and whatever inbound rules that you have in your setup.
philb19 (Author) Commented:
It just occurred to me (I'm not sure again about this):
If I do that NAT, i.e. outside interface of the PIX to the DMZ interface of the PIX, you say all traffic then goes through ISA. Does that mean that the traffic (all traffic) would then be bypassing the rule set on the PIX, and hence if I was to open all on the ISA, I would be opening up ALL traffic to the inside LAN?

I only allow 3 or 4 ports from outside to the DMZ (with the PIX rule set). If the outside is NAT'd to the DMZ ISA, is that no longer valid, or not the case?
philb19 (Author) Commented:
DMZ interface of PIX (I MEANT DMZ interface of ISA)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.